[Gluster-devel] Fwd: New Defects reported by Coverity Scan for GlusterFS
Lalatendu Mohanty
lmohanty at redhat.com
Mon Aug 4 09:45:44 UTC 2014
To fix these Coverity issues, please check the link below for guidelines:
http://www.gluster.org/community/documentation/index.php/Fixing_Issues_Reported_By_Tools_For_Static_Code_Analysis#Coverity
Thanks,
Lala
-------- Original Message --------
Subject: New Defects reported by Coverity Scan for GlusterFS
Date: Mon, 04 Aug 2014 02:31:28 -0700
From: scan-admin at coverity.com
Hi,
Please find the latest report on new defect(s) introduced to GlusterFS found with Coverity Scan.
Defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1229877: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4061 in glusterd_add_brick_to_snap_volume()
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4062 in glusterd_add_brick_to_snap_volume()
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4049 in glusterd_add_brick_to_snap_volume()
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4050 in glusterd_add_brick_to_snap_volume()
** CID 1229876: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 13482 in glusterd_update_mntopts()
/xlators/mgmt/glusterd/src/glusterd-utils.c: 13481 in glusterd_update_mntopts()
** CID 1229878: Time of check time of use (TOCTOU)
/xlators/features/changelog/lib/src/gf-changelog.c: 475 in gf_changelog_register()
________________________________________________________________________________________________________
*** CID 1229877: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4061 in glusterd_add_brick_to_snap_volume()
4055
4056 snprintf (key, sizeof(key) - 1, "vol%"PRId64".mnt_opts%d", volcount,
4057 brick_count);
4058 ret = dict_get_str (dict, key, &value);
4059 if (!ret) {
4060 /* Update the mnt_opts in original brickinfo as well */
>>> CID 1229877: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 1024 byte fixed-size string "original_brickinfo->mnt_opts" by copying "value" without checking the length.
4061 strcpy (original_brickinfo->mnt_opts, value);
4062 strcpy (snap_brickinfo->mnt_opts, value);
4063 } else {
4064 if (is_origin_glusterd (dict) == _gf_true)
4065 add_missed_snap = _gf_true;
4066 }
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4062 in glusterd_add_brick_to_snap_volume()
4056 snprintf (key, sizeof(key) - 1, "vol%"PRId64".mnt_opts%d", volcount,
4057 brick_count);
4058 ret = dict_get_str (dict, key, &value);
4059 if (!ret) {
4060 /* Update the mnt_opts in original brickinfo as well */
4061 strcpy (original_brickinfo->mnt_opts, value);
>>> CID 1229877: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 1024 byte fixed-size string "snap_brickinfo->mnt_opts" by copying "value" without checking the length.
4062 strcpy (snap_brickinfo->mnt_opts, value);
4063 } else {
4064 if (is_origin_glusterd (dict) == _gf_true)
4065 add_missed_snap = _gf_true;
4066 }
4067
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4049 in glusterd_add_brick_to_snap_volume()
4043
4044 snprintf (key, sizeof(key) - 1, "vol%"PRId64".fstype%d", volcount,
4045 brick_count);
4046 ret = dict_get_str (dict, key, &value);
4047 if (!ret) {
4048 /* Update the fstype in original brickinfo as well */
>>> CID 1229877: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 255 byte fixed-size string "original_brickinfo->fstype" by copying "value" without checking the length.
4049 strcpy (original_brickinfo->fstype, value);
4050 strcpy (snap_brickinfo->fstype, value);
4051 } else {
4052 if (is_origin_glusterd (dict) == _gf_true)
4053 add_missed_snap = _gf_true;
4054 }
/xlators/mgmt/glusterd/src/glusterd-snapshot.c: 4050 in glusterd_add_brick_to_snap_volume()
4044 snprintf (key, sizeof(key) - 1, "vol%"PRId64".fstype%d", volcount,
4045 brick_count);
4046 ret = dict_get_str (dict, key, &value);
4047 if (!ret) {
4048 /* Update the fstype in original brickinfo as well */
4049 strcpy (original_brickinfo->fstype, value);
>>> CID 1229877: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 255 byte fixed-size string "snap_brickinfo->fstype" by copying "value" without checking the length.
4050 strcpy (snap_brickinfo->fstype, value);
4051 } else {
4052 if (is_origin_glusterd (dict) == _gf_true)
4053 add_missed_snap = _gf_true;
4054 }
4055
________________________________________________________________________________________________________
*** CID 1229876: Copy into fixed size buffer (STRING_OVERFLOW)
/xlators/mgmt/glusterd/src/glusterd-utils.c: 13482 in glusterd_update_mntopts()
13476 "the brick (%s) failed", brick_path);
13477 ret = -1;
13478 goto out;
13479 }
13480
13481 strcpy (brickinfo->fstype, entry->mnt_type);
>>> CID 1229876: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 1024 byte fixed-size string "brickinfo->mnt_opts" by copying "entry->mnt_opts" without checking the length.
13482 strcpy (brickinfo->mnt_opts, entry->mnt_opts);
13483
13484 ret = 0;
13485 out:
13486 GF_FREE (mnt_pt);
13487 return ret;
/xlators/mgmt/glusterd/src/glusterd-utils.c: 13481 in glusterd_update_mntopts()
13475 gf_log (this->name, GF_LOG_ERROR, "getting the mount entry for "
13476 "the brick (%s) failed", brick_path);
13477 ret = -1;
13478 goto out;
13479 }
13480
>>> CID 1229876: Copy into fixed size buffer (STRING_OVERFLOW)
>>> You might overrun the 255 byte fixed-size string "brickinfo->fstype" by copying "entry->mnt_type" without checking the length.
13481 strcpy (brickinfo->fstype, entry->mnt_type);
13482 strcpy (brickinfo->mnt_opts, entry->mnt_opts);
13483
13484 ret = 0;
13485 out:
13486 GF_FREE (mnt_pt);
13487 return ret;
________________________________________________________________________________________________________
*** CID 1229878: Time of check time of use (TOCTOU)
/xlators/features/changelog/lib/src/gf-changelog.c: 475 in gf_changelog_register()
469 if (ret) {
470 errn = errno;
471 goto cleanup;
472 }
473 }
474
>>> CID 1229878: Time of check time of use (TOCTOU)
>>> Calling function "realpath(char const * restrict, char * restrict)" that uses "scratch_dir" after a check function. This can cause a time-of-check, time-of-use race condition.
475 gfc->gfc_working_dir = realpath (scratch_dir, NULL);
476 if (!gfc->gfc_working_dir) {
477 errn = errno;
478 goto cleanup;
479 }
480
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit http://scan.coverity.com/projects/987?tab=overview